Introduction
This series of posts intends to develop a flutter signup/login app working with API calls to Django backend. The idea is to use the DRF to create APIs which can be called by the flutter application. Most of the tutorials I have seen only talk about doing it with Firebase. Since we already will be using PostgreSQL for the Django, let us use that as our server DB and using SQLite with the Flutter Application to store just the Auth token and Username.
Django Rest Framework
We assume people reading this post already know about it but still just an introduction: - DRF allows for making powerful and flexible Web APIs. - DRF provides a lot of authentication schemes out of the box and even allows us to implement custom schemes. - DRF provides an easy way to serialize and deserialize JSON according to your DB Schema. (Model Serializers)
Flutter
Google Flutter is just awesome when it comes to cross-platform app development. The fact that it doesn't convert your code to machine compatible but instead is capable of directly rendering it on the machine is the best.
BloC design pattern
We will use BloC (Business Logic Component) which was announced by Google in GOOGLE I/O' 18. BloC is simply a state management pattern that works on sinks and streams. The widgets monitor the state changes and send them to the BloC using sinks and other widgets monitor those by subscribing to those streams where they expect the relevant data to arrive. The required sections are rebuilt per the state change. Thus Bloc stands in between data and UI and asynchronously maps events to states which rebuild the UI when required.
Let us Start
We will start by creating a new Django project to provide the required APIs for Login and Signup. Go to your desired folder and activate your virtual environment. (You can refer here for the same)
Step 1
- Create the project by:
django-admin startproject HOME
Note that the project is named HOME, you can name it anything just be consistent in all the places where we use the names in the commands/code that follows. - cd into the project directory and create an app called api by:
python manage.py startapp api
We will use the auth system that Django provides by default. The User model has almost all the required fields that we may need for the Login and Signup. In case you need extra fields like phone number, address, etc. you can always define a new profile model that will have a one to one relationship with the User model. But for the sake of simplicity here, we are going to go with the User model itself. We have the fields first_name, last_name, username, email, and password which we can use to create a new user.
Step 2
- Install DRF by
pip install djangorestframework
- and also add it to your installed apps
INSTALLED_APPS = [ ... 'rest_framework', ]
- There are many auth systems available but I am going to go with Token Auth. We need to add that too in our installed apps:
INSTALLED_APPS = [ ... 'rest_framework', 'rest_framework.authtoken', ]
- We also need to add the following in our settings for us to be able to use the token auth:
REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated', ], }
- Migrate your changes by:
python manage.py migrate
Run it from HOME/
Step 3
Now that we are all set up and we have the default User model ready for us, we need to start creating our API
- Create a file named serializers.py
in HOME/api/
and the following code to it:
from django.contrib.auth.models import User from rest_framework import serializers from rest_framework.validators import UniqueTogetherValidator class UserSerializer(serializers.ModelSerializer): def create(self, validated_data): user = User.objects.create_user(**validated_data) return user class Meta: model = User fields = ( 'username', 'first_name', 'last_name', 'email', 'password', ) validators = [ UniqueTogetherValidator( queryset=User.objects.all(), fields=['username', 'email'] ) ]
What we did here is we created a serializer in order to map JSON to our model and vice-versa. The unique together validator will allow us to verify that the combination of username and email is unique for any particular user.
- edit your HOME/api/views.py
and add the following code to it:
from .serializers import UserSerializer from rest_framework.views import APIView from rest_framework.response import Response from rest_framework import status from rest_framework.permissions import IsAdminUser from django.contrib.auth.models import User class UserRecordView(APIView): """ API View to create or get a list of all the registered users. GET request returns the registered users whereas a POST request allows to create a new user. """ permission_classes = [IsAdminUser] def get(self, format=None): users = User.objects.all() serializer = UserSerializer(users, many=True) return Response(serializer.data) def post(self, request): serializer = UserSerializer(data=request.data) if serializer.is_valid(raise_exception=ValueError): serializer.create(validated_data=request.data) return Response( serializer.data, status=status.HTTP_201_CREATED ) return Response( { "error": True, "error_msg": serializer.error_messages, }, status=status.HTTP_400_BAD_REQUEST )
What we are doing here is creating a get and a post method, the get method allows us to get a list of all the registered users with our application and the post method allows us to create a new user with the required info as specified in our serializer.
Also, I added IsAdminUser as the permission class, the reason is that we do not want anyone to spam our server by sending multiple POST requests and creating unnecessary accounts.
- Last but not least we will add routes for access to the application. let us create the file HOME/api/urls.py
and add the following code to it:
from django.urls import path from .views import UserRecordView app_name = 'api' urlpatterns = [ path('user/', UserRecordView.as_view(), name='users'), ]
- We need to include the route for this and the token system in our main urls i.e. edit the file
HOME/urls.py
and add the following code to it:
from django.contrib import admin from django.urls import path, include from rest_framework.authtoken import views urlpatterns = [ path('admin/', admin.site.urls), path('api/', include('api.urls', namespace='api')), path('api-token-auth/', views.obtain_auth_token, name='api-token-auth'), ]
- We would need to create an admin user by:
python manage.py createsuperuser
Now enter the details asked and use them below.
Accessing our API
Thus, we have successfully created the required endpoint for the API. We can now test it by the following:
Get authentication token
- Endpoint:
http://localhost:8000/api-token-auth/
- Parameters required :
username, password
- Sample body:
json { "username": "admin", "password": "password" }
Get / Post user
- Endpoint :
http://localhost/api/user/
- GET
- parameters:
auth token as header
- sample header:
json { "Authorization": "TOKEN <token>" }
- sample response:
json { "username": "<username>", "first_name": "<first_name>", "last_name": "<last_name>", "email": "<email>", "password": "<encrypted string>" }
- POST
- parameters:
- header:
auth token as header
- sample:
json { "Authorization" : "TOKEN <token>" }
- body: username, email, first_name, last_name, password
- sample:
json { "username": "<username>", "first_name": "<first_name>", "last_name": "<last_name>", "email": "<email>", "password": "<encrypted string>" }
- header:
- response (on succesful):
json { "username": "<username>", "first_name": "<first_name>", "last_name": "<last_name>", "email": "<email>", "password": "<encrypted string>" }
I will continue the project and write posts for each part. The end result will be a flutter app working with this API and SQLite DB.
Next: Flutter signup/login application with Django backend #2
Final Post: Flutter signup/login application with Django backend #3
Very helpful! Thank you
Beautiful article. I really wanted to skip to #3 as that is something new but to read it in a series makes it very smooth reading. Well written Also, like to know your comments about FLUTTER User authentication using Google FireStore - whether that is preferable to Django -DRF - User authentication - especially in terms of speed and any other issues you can think of Thanks
We will be sending email responses to any queries. Please check your inbox for a reply :)